[PATCH] Normalizing the Host: header

Poul-Henning Kamp phk at phk.freebsd.dk
Mon Mar 14 17:08:40 CET 2011


In message <10ABE5A2-05CF-47CF-8FA7-FC5A0ECB6C91 at mosso.com>, Adrian Otto writes
:

>In this case, I offer the advice that all host related headers should be 
>case folded, because DNS naming is case insensitive. So essentially 
>anywhere Varnish handles a hostname for any comparison, it should follow 
>the same rules.

Yeah, and that is where the trouble start, short at guessing, we have
no way of knowing which strings are hostnames and which are not.
(think X-My-Secret and cookies...)

Rather than venture into guessing, my attitude so far has been to
take a hands off aproach and force people to think about this
themselves.

Obviously that is nor particularly practical either.

What I'm looking for is the sensible middle ground...

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.




More information about the varnish-dev mailing list